Mobile Users More Vulnerable To Phishing Attacks

← Back to Stories (view on slashdot.org)

Mobile Users More Vulnerable To Phishing Attacks

Posted by CmdrTaco on Tuesday January 4, 2011 @05:00AM from the it's-the-tiny-fonts dept.

Orome1 writes "Trusteer recently gained access to the log files of several web servers that were hosting phishing websites. Analyzing these log files provided visibility into how many users accessed the websites, when they visited them, whether they submitted their login information, and what devices they used to access the website. As soon as a phishing website is broadcast through fraudulent email messages the first systems to visit it are typically mobile devices. Most fraudulent emails call for immediate action. For example, they usually claim that suspicious activity has been detected in the user's account and that immediate action is required. Most victims who fall for this ploy will visit the phishing site quickly."

92 comments

Min score:

Reason:

Sort:

Actual headline by somersault · 2011-01-04 05:04 · Score: 0, Redundant

So, after reading the summary, we can conclude that the actual headline should be:
Mobile users more up to date with email than desktop users!
*facepalm*

--
which is totally what she said
1. Re:Actual headline by Anonymous Coward · 2011-01-04 05:10 · Score: -1
  
  So, after reading the summary, we can conclude that the actual headline should be:
  Mobile users more up to date with email than desktop users!
  *facepalm*
  Since black people are more likely to be poor, illiterate, and to have never graduated high school... the headline should say this: NIGGERS more vulnerable to phishing attacks! Yes, right there on the headline and there's nothing you can do about it except scream about political correctness. That would be a fine addition. You'd be screaming into an echo chamber of course, because there are no niggers on the internet.
2. Re:Actual headline by Anonymous Coward · 2011-01-04 05:31 · Score: 0
  
  people have no sense of humour to rate you down.
  Sure you could have said "African American" instead, or which ever way becomes politically correct next, but you wanted to point out that the original post title was crap, so you advised an even crappier title.
  But people would need brains to understand ...
3. Re:Actual headline by cbiltcliffe · 2011-01-04 05:34 · Score: 0
  
  No shit.
  Big surprise, people who get their email immediately are more likely to be first to visit a phishing site before it's taken down.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
4. Re:Actual headline by Anonymous Coward · 2011-01-04 06:12 · Score: 0
  
  There is a a lot if black people that never been in either African or American.
  Are you an European American? There is a lot of white people in Australia, New Zealand etc.
5. Re:Actual headline by initdeep · 2011-01-04 07:33 · Score: 1
  
  SERIOUSLY?
  and where did those white people in New Zealand and Australia come from.......
iPhone phishing by digitaldc · 2011-01-04 05:06 · Score: -1

iPhone users are 8 times more likely to engage phishing websites than Blackberry users. iPhone users account for 26% of the mobile market, Blackberry is 36%.

So the lesson is, if you use an iPhone - don't click on that link until you check it out the full email header on a PC. Unless you like living dangerously.

--
He who knows best knows how little he knows. - Thomas Jefferson
1. Re:iPhone phishing by windcask · 2011-01-04 05:09 · Score: 5, Informative
  
  Think about it. What percentage of iPhone users even know what an email header is, let alone how to look at it?
2. Re:iPhone phishing by Anonymous Coward · 2011-01-04 05:22 · Score: 0
  
  sure, and the typical blackberry user knows the difference between http 1.0 and http 1.1 ?
3. Re:iPhone phishing by windcask · 2011-01-04 05:26 · Score: -1, Troll
  
  A typical Blackberry user, while probably not a technical elite, has more years of experience using a computer than the iPhone user has been alive and has some semblance of an idea how email works, if just enough to become suspicious.
  iPhones are fashion accessories and social opiates.
4. Re:iPhone phishing by clang_jangle · 2011-01-04 05:35 · Score: 1
  
  Think about it. What percentage of users even know what an email header is, let alone how to look at it?
  Fixed.
  
  --
  Caveat Utilitor
5. Re:iPhone phishing by DrgnDancer · 2011-01-04 05:41 · Score: 1
  
  No, you believe that iPhones are "fashion accessories and social opiates" in actual fact, something on the order of 75% of the people I work with use iPhones, and we're a mostly Unix systems and development shop. Of course you will now counter that they must not be very good at their jobs or make some other obvious slur, because in your mind only people who agree with you about every aspect of technology could possibly be competent. None the less, we do quite well, our customers are usually very happy, and many of us use iPhones.
  
  --
  I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
6. Re:iPhone phishing by Anonymous Coward · 2011-01-04 05:41 · Score: 0
  
  lul whut?
  The lesson is actually don't click on the damn links for any reason. If they're legitimate a Google search will get you to their homepage from which you can address the issue.
  analyzing the header is just unesesary geek-wankery.
7. Re:iPhone phishing by formfeed · 2011-01-04 05:44 · Score: 2
  
  A typical Blackberry user, while probably not a technical elite, has more years of experience using a computer than the iPhone user has been alive and has some semblance of an idea how email works, if just enough to become suspicious.
  But on the other hand, an iPhone can be used as a level for hanging pictures.
  
  iPhones are fashion accessories and social opiates.
  
  Only if you add some cool apps. Did you know that you can use the level app to find out at what angle you fall over?
8. Re:iPhone phishing by I8TheWorm · 2011-01-04 05:45 · Score: 1
  
  Ought to be modded insightful.
  While smartphones certainly existed before the iPhone, Apple was instrumental in putting them in the hands of non-techies. The stereotypical soccer mom isn't exactly the most tech savvy person out there.
  
  --
  Saying Android is a family of phones is akin to saying Linux is a family of PCs.
9. Re:iPhone phishing by Anonymous Coward · 2011-01-04 05:55 · Score: 0
  
  Wow. You is right! I wish I was an e-mail badass like you!
10. Re:iPhone phishing by mikael_j · 2011-01-04 05:56 · Score: 1
  
  My experience is that those who use "executive smartphones" (like blackberrys) are generally quite inept when it comes to tech but "compensate" for it by yelling at those geeks in the IT department whenever something goes wrong (which also results in them getting as much preemptive CYA protection as possible from the IT geeks).
  iPhone users on the other hand tend to be "regular people" without magic CxO powers which means they're left to fend for themselves.
  
  --
  Greylisting is to SMTP as NAT is to IPv4
11. Re:iPhone phishing by jc42 · 2011-01-04 05:57 · Score: 1
  
  So the lesson is, if you use an iPhone - don't click on that link until you check it out the full email header on a PC.
  And this is a good hint at a major problem with mobile email: The user isn't generally allowed to see the full headers. I have a G1 (Android) with gmail installed. I've tried to find the email headers on several occasions, and as far as I can tell, there's no way to see them. And this isn't just a problem on Android; I also read my gmail from my linux and Mac computers, and I can't see the headers there, either. This is why my preferred email address is on an academic unix (FreeBSD) machine where I can run any of several mail readers, all of which show me the headers. And I can also use the low-level text-only mail(1) command. And I can read my mail with vi.
  I get the impression that most GUI email readers don't show the headers because their authors consider their users too stupid to understand email headers. For those of us that aren't that stupid, it's not hard to see the symptoms of a phishing attack -- if we are permitted access to the full email message. But I suppose we're a small minority, so the suppliers of commercial email software see no reason to cater to us.
  The frustrating part of this is that you know the software has all the headers, and could show them to us as easily as it shows the contents of the From: and Subject: lines. So denying us access to the rest of the headers is done with malice aforethought, and leads to this sort of susceptibility to phishing. Either that, or users learn to not read mail from strangers when using the limited (or limiting) commercial email readers.
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
12. Re:iPhone phishing by philj · 2011-01-04 05:57 · Score: 3, Interesting
  
  iPhone users are 8 times more likely to engage phishing websites than Blackberry users. iPhone users account for 26% of the mobile market, Blackberry is 36%. .
  I imagine this is because most Blackberrys are corporate phones and the phishing emails will never reach their corporate mailboxes in the first place.
  
  iPhone users on the other hand will be more likely to use hotmail/yahoo mail etc, which aren't as good at removing such mails, making the percentage of emails delivered to the device higher, hence the number of phishing website click-throughs higher.
  
  Just my thoughts, based on no data.
13. Re:iPhone phishing by Anonymous Coward · 2011-01-04 05:58 · Score: 0
  
  No, we just say that they the statistics show that they are likely to visit phishing sites.
14. Re:iPhone phishing by Monkeedude1212 · 2011-01-04 06:01 · Score: 1
  
  A typical Blackberry user, while probably not a technical elite, has more years of experience using a computer
  I think you are being generous to the Blackberry users.
  In my work as a help desk technician, who tirelessly has to make sure everyone's email works on Blackberry, iPhone, Android, WinMobile, etc - I've learned that Unless you are competant enough with computers to know how to avoid malware you are not any safer or more capable with your phone than any other phone provider.
  Simply "Using windows longer" does not constitute any more strength against malware attacks. My parents have used Windows for almost as long as I have been alive, yet they still manage to catch something new every year.
15. Re:iPhone phishing by Duradin · 2011-01-04 06:06 · Score: 1
  
  It would seem Apple bashing is a fashion accessory and social opiate around here.
  Gotta love the /. hipsters.
16. Re:iPhone phishing by zach_the_lizard · 2011-01-04 06:08 · Score: 2
  
  75% of iPhone users are above 25 years old, according to an April 2009 survey. RIM itself, in a 2010 leaked powerpoint estimated their own users at 36.7 years old, with the other smartphone users being 35.8. Still other survery show that the iPhone has just about 50% of its users 35 and above.
  Blackberry users, though they might be a little older, probably aren't so much older that they've been using a computer longer than the average iPhone user has been alive.
  
  --
  SSC
17. Re:iPhone phishing by josepha48 · 2011-01-04 06:10 · Score: 1
  
  actually most mobile clients do not show email headers nor do they show URL's like a browsers location bar. So if the title says wells fargo and looks like wells fargo then how are they gonna know the location is actually youjustgothackedonyourmobile.com
  
  --
  Only 'flamers' flame!
18. Re:iPhone phishing by Anonymous Coward · 2011-01-04 06:13 · Score: 0
  
  All I was trying to say was when I think of a RIM user, I think small business owner, 40-50 years old. When I think iPhone, I think a Facebook-obsessed teenager.
19. Re:iPhone phishing by windcask · 2011-01-04 06:16 · Score: 1
  
  youjustgothackedonyourmobile.com
  More like onlein-banking.co.za or welsfargo.ru.
20. Re:iPhone phishing by Anonymous Coward · 2011-01-04 06:34 · Score: 1
  
  And for every guy/girl that makes a living administrating Unix and has an iPhone, there are 100,000 other people that have an iPhone that have never heard of Unix. What is your point? Of those 100,000 per unix administrator, 99,900 of them never owned a non Apple smartphone and 99,500 of them can't even name a non Apple smartphone by model number so to say they never compared and chose an iPhone because of usability or function over some other choice because they never looked or know that other choices exist. That is the reason the parent claimed an iPhones are"fashion accessories and social opiates". Statistically, I see it around me in masse regardless of the small number of "geeks" that own one as well.
21. Re:iPhone phishing by mcgrew · 2011-01-04 06:36 · Score: 1
  
  iPhone users on the other hand tend to be "regular people" without magic CxO powers
  That's been my observation. I see suits and blackberries at work, iPhones and blue jeans at the bar (even though they are the expensive jeans; most people in that bar have normal phones).
  
  --
  Free Martian Whores!
22. Re:iPhone phishing by Anonymous Coward · 2011-01-04 06:51 · Score: 0
  
  Think about it. What percentage of EMAIL users even know what an email header is, let alone how to look at it?
23. Re:iPhone phishing by zach_the_lizard · 2011-01-04 06:54 · Score: 1
  
  And the links above seem to suggest that that stereotype (at least as far as age goes) is not so accurate. iPod touch? Yeah, the vast majority of people who own those are 13-17. iPhone? Nope; the same proportion is above 25.
  
  --
  SSC
24. Re:iPhone phishing by hedwards · 2011-01-04 07:03 · Score: 1
  
  Part of the problem is that tricks that you have available on a desktop interface to do a check of the actual URL aren't available on mobile devices. I know that the only way I can know what a link is for is by cutting and pasting it, whereas with my desktop I can hover over it. Worse due to the size constraints on my screen, I can't count on seeing the entire URL.
  
  I'm using a Nexus One, but I suspect that to be a fairly common problem on mobile platforms.
25. Re:iPhone phishing by Requiem18th · 2011-01-04 07:31 · Score: 1
  
  But it run Apps! I dare you run Apps in your conpooter
  
  --
  But... the future refused to change.
26. Re:iPhone phishing by toleraen · 2011-01-04 07:35 · Score: 1
  
  Holy mother of Moses, I get to brag about Windows Mobile for a second!
  
  Every time I click a link in an email it displays the full text of the link and asks me to confirm that I want to go to that website.
27. Re:iPhone phishing by initdeep · 2011-01-04 07:39 · Score: 0
  
  and how many of those iPhones are "sold" to the parents in a household, yet used by the teenage children/under 25 college student in the household and on the parents phone plan.......
  I can think of about 50 in my somewhat small circle of friends alone.....
28. Re:iPhone phishing by Anonymous Coward · 2011-01-04 07:50 · Score: 0
  
  How does one view email headers on the iPhone? Also, on the desktop, one can hover the mouse over any links to see the target. On the iPhone, onecan click, but not hover. For those reasons I don't click on links in email on my iPhone.
29. Re:iPhone phishing by businessnerd · 2011-01-04 08:21 · Score: 1
  
  I imagine it also has to do with how terrible the web browser is on most Blackberries. I haven't used the new Blackberry OS 6 browser that uses WebKit, but every BB running OS 5 and later has a slow clunky browser that often fails to render pages correctly. When I receive an e-mail on my BB that requires immediate action be taken on a website, sometimes I might try on the phone itself, but half the time I do, the page has issues loading or login doesn't work or some other javascript error keeps things from working the way they are suppose to. Knowing this, I usually don't even bother attempting this on the phone. When browsing, I generally try to stick to mobile sites for this same reason. Another point too, is that it seems there is still a slim majority of BB users that have the Curve 83XX model, which is pretty outdated by modern smartphone standards. Users of these devices rarely use the web browsers or use any of the other "smart" features of the phone other than e-mail, SMS and maybe BBM.
  
  --
  "It's not whether you win or lose, it's how drunk you get." -- H. J. Simpson
30. Re:iPhone phishing by Opportunist · 2011-01-04 08:36 · Score: 1
  
  No. But the typical Blackberry user has an admin he can call and tell "solve that problem for me" which usually results in "No worries, boss, it's a phishing site, you didn't go there? No? Ok, then I'll take care of it, shouldn't take longer than an hour or two".
  Dammit, I'm outta rockets...
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
31. Re:iPhone phishing by fizzup · 2011-01-04 08:40 · Score: 1
  
  I never click any link in an email I get on my Blackberry, because Blackberry's browser sucks poop. And I mean a lot of poop. Like, through one of those big fat "bubble tea" straws. Ssssssssshhhhhhhhthug! Eww, that was a yucky experience. Like that. Poop.
32. Re:iPhone phishing by Anonymous Coward · 2011-01-04 11:10 · Score: 0
  
  my phone will not allow me to see email headers or source and either filters out or breaks PGP and SSL signatures so how can I judge the authenticity of any piece of email? Also, the mobile browsers OpenWave and Opera make it tedious, if not difficult or impossible to view page source.
33. Re:iPhone phishing by Anonymous Coward · 2011-01-04 11:49 · Score: 0
  
  [Y]et they still manage to catch something new every year.
  
  Maybe they shouldn't sleep around so much.
34. Re:iPhone phishing by zach_the_lizard · 2011-01-04 17:14 · Score: 1
  
  It doesn't matter, because the survey was through the browser, not at the store while you purchase the device / contract. If the parents get their kid an iPhone, it will show up in the survey as the kid's (since he's the one actually using it).
  
  --
  SSC
35. Re:iPhone phishing by assassinator42 · 2011-01-05 12:11 · Score: 1
  
  To see the full source (including headers) of an email in GMail, click on the arrow on the right of reply then "Show Original".
  I also don't see any way to do this in GMail for Android or even the GMail mobile website.
Pwnage disparity. by windcask · 2011-01-04 05:06 · Score: -1, Redundant

"Eight times more iPhone users accessed these phishing websites than Blackberry users."
Nevermind the default mail clients' interfaces; think of the demographics of these devices and the causality will immediately become clear.
1. Re:Pwnage disparity. by Monoman · 2011-01-04 05:20 · Score: 2
  
  A fool and his password ...
  
  --
  Keep the Classic Slashdot.
Maybe mobile DEVICES are more vulnerable by clone53421 · 2011-01-04 05:22 · Score: 5, Insightful

If mobile users can’t tell the difference between real sites and fraudulent ones, that says something about the mobile device’s web browser, IMHO.

--
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
1. Re:Maybe mobile DEVICES are more vulnerable by Nadaka · 2011-01-04 05:27 · Score: 3, Informative
  
  Mobile users are used to having their browser detected as mobile and being shunted off to a simplified and barely functional mobile page.
  It is one of the reason that I use firefox with a user agent fuzzer on my android phone.
2. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit351 · 2011-01-04 05:29 · Score: -1, Funny
  
  maybe you should consider the implications of the transitive property.
3. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 05:34 · Score: -1
  
  ur mum's face're consider the implications of the transitive property.
  keep cowering feeb.
  you're totally pathetic.
4. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit351 · 2011-01-04 05:40 · Score: -1
  
  i have never cowered.
  why do you cower? what are you afraid of?
  you're an ignorant hypocrite.
5. Re:Maybe mobile DEVICES are more vulnerable by windcask · 2011-01-04 05:44 · Score: 1
  
  My name is Michael Kristopeit. I live in Wisconsin.
  Present yourself to me and I will free you of your transgressions.
  For great justice.
6. Re:Maybe mobile DEVICES are more vulnerable by clone53421 · 2011-01-04 05:44 · Score: 1
  
  If you’re not just trolling (which I very much suspect you are), care to explain what you meant by that?
  
  --
  Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
7. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit350 · 2011-01-04 05:52 · Score: -1, Troll
  
  ur mum's face're not just trolling. you're an idiot.
  why do you cower behind a chosen pseudonym? are you afraid people will find out you are really Stephen Alongi? are you afraid that you called for my murder and i have chosen to bring justice upon you? jesus can not help you.
  cower some more, feeb.
  you're completely pathetic.
8. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit330 · 2011-01-04 05:53 · Score: -1
  
  cower some more, feeb.
  you're completely pathetic.
9. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 06:30 · Score: 0
  
  MichaelKristopeit350 (1968134) is all alone in the world.
10. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit330 · 2011-01-04 06:37 · Score: -1
  
  i am michael kristopeit. i am married with children.
  cower some more, feeb.
  you're completely pathetic.
11. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 07:26 · Score: 0
  
  PEDOPHILE!
12. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit355 · 2011-01-04 07:38 · Score: -1
  
  take responsibility for your lies, OR cower some more, feeb.
  you're completely pathetic.
  i live at 4513 brittany ct. eau claire, wi. 54701. present yourself to me; admit what you've done, then i will bring upon you the ultimate punishment for your transgressions.
13. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit360 · 2011-01-04 07:44 · Score: -1, Troll
  
  Yes you are right, I am a pedophile. I live at 4513 brittany ct. eau claire, wi. 54701.
14. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 07:49 · Score: 0
  
  You live at Habitat for Humanity? Also is it smart to be threatening people in print?
15. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit331 · 2011-01-04 08:02 · Score: -1
  
  no... as i already stated, and you ignorantly misunderstood, i live at 4513 brittany ct. eau claire, wi. 54701... a 3 bedroom, 3 bath family residence i paid cash for and live in with my wife and children and dogs and numerous firearms. your precious google was not afforded accurate data to provide to you, leaving you looking like an idiot. as you can see the numbers on the house while utilizing google's street view service, as well as another house in the position google reports the habitat for humanity being located, their erroneous and numerous data reporting contradictions become apparent.
  you feel threatened? that is very telling.
  cower some more, feeb.
  you're completely pathetic.
16. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 08:21 · Score: 0
  
  I notice that he's recently stopped claiming that he's going to kill people. I wonder if he's afraid of the possible legal ramifications?
17. Re:Maybe mobile DEVICES are more vulnerable by Anonymous Coward · 2011-01-04 09:06 · Score: 0
  
  MichaelKristopeit330 (1963782) is all alone in the world.
18. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit331 · 2011-01-04 09:17 · Score: -1
  
  i am michael kristopeit. i am married with children.
  cower some more, feeb.
  you're completely pathetic.
19. Re:Maybe mobile DEVICES are more vulnerable by cbiltcliffe · 2011-01-04 14:20 · Score: 1
  
  The timeline goes something like this:
  1. Phishing email is sent out.
  2. Desktop users won't check their email for several hours, because they're at work/away from their desk/in a meeting, but mobile user gets email immediately, because their device is on their belt.
  3. Mobile user provides username/password to fake site.
  4. Site gets noticed by server admin and taken down.
  5. Desktop user gets to their computer, reads email, checks site, and finds "404 - page not found".
  In other words, there's no story here.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
20. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit352 · 2011-01-06 05:55 · Score: -1
  
  ur mum's face's recently stopped claiming that he's going to kill people.
  you're exactly what you've claimed to be: NOTHING... or i absolutely would kill you.
  cower some more, feeb.
  you're completely pathetic.
21. Re:Maybe mobile DEVICES are more vulnerable by MichaelKristopeit347 · 2011-01-11 18:14 · Score: 0
  
  "MichaelKristopeit360" is operated by a pathetic individual attempting to steal my identity, and criminally defame me.
  to the individual responsible: present yourself to me; admit what you've done, then i'll bring upon you the ultimate punishment for your transgressions.
  you spend your days in a fantasy world you have created relative to me. the instrument you choose to play is the sexual abuse of children.
  you are completely pathetic.
Also poor email clients on mobile devices by Culture20 · 2011-01-04 05:37 · Score: 1

My current mobile device, an iPhone, has a terrible native email client. There is no way to use text-only, view headers, or use pgp. I won't be surprised when a new email worm turns up that takes advantage of an image library that the iPhone mail.app uses. At least if I could view in text-only mode I wouldn't have to wait to click on suspected SPAM until I get to a real computer (Hey, you never know, "1 long 4u" might be an old girlfriend, not viagra SPAM).
1. Re:Also poor email clients on mobile devices by clang_jangle · 2011-01-04 06:14 · Score: 1
  
  The article is wrong about the Blackberry. You can set it for text-only email, and if you highlight the "From:" field you'll see the sender's address in a tooltip. I'm quite pleased with email on the BB, and using the Bolt browser, BBSSH for ssh logins, RepliGo Reader, and just a few other carefully chosen apps the BB is pretty awesome. Of course it doesn't have the huge screen of a Droid or iPhone (they always seem to be cracked anyway within a few months, don't they?), but there's really no comparison if you're looking for security and worry-free utility.
  
  BTW, anyone who clicks a link in email for *anything* money-related is going to be screwed sooner or later, whether they're using an x86 machine or a mobile device.
  
  --
  Caveat Utilitor
We created this problem by Simonetta · 2011-01-04 05:38 · Score: 1

We created this problem when we created the web. It is our ('our' being us the people who make their living building and maintaining the web) responsibility to solve it. We can't just tell people to monitor the arcane technical details over what is basically an issue of massive amounts of unpunished fraud crime. If left unchecked, the criminals will just get better and better technology.
We have to decide several things: one, we have to accept that law enforcement can not deal with this because they don't have the time and resources. So, it is our responsibility. Two, we have to decide what we are going to do about it. In other words, what will be effective in stopping this activity. Three: we have to do it. Which means we have to be cruel to people. Ordinary people who are just trying to make a sleazy buck. Cruel like in violence, because violence is the only way to enforce the law when the traditional law-enforcement mechanism can't respond.
I suggest private sting operations. We set up or let it be known that we will set up phishing sites for people, and then apply violence to anyone who pays us money to do it. People will stop buying phishing site product.
One big problem with this is the possibility that large criminal organizations will demand that we run the entrapment phishing sites for them. Being large criminal organizations, they have the resources of violence to make us do this. But then we can offer these people to traditional law enforcement. One more day in the 'system of power', as the Mafia calls it.
But we should take care of this problem. Otherwise we can't claim that there is any real benefit to the citizens in using the internet that we have so painstakingly created.
1. Re:We created this problem by DrgnDancer · 2011-01-04 05:55 · Score: 1
  
  Yeah, because it's not the least bit illegal to beat the shit out of people whom you personally determine to be guilty of a crime. Not to mention that on the Internet no one know you're a dog. How do you know this guy you're going out to "sting" isn't a 6' 5", 250 pound multiple black belt and weapons expert? Nothing can possibly go wrong with your plan
  
  --
  I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
2. Re:We created this problem by jc42 · 2011-01-04 06:23 · Score: 1
  
  But we should take care of this problem. Otherwise we can't claim that there is any real benefit to the citizens in using the internet that we have so painstakingly created.
  Um, we (the folks who brought you the Internet, including email) have done it. On the machine where my primary email address lives, the email software runs a program that does a pretty good job of testing each message for problems and giving a "spam" rank. I have my reader automatically file everything above a threshold in a "junk" folder, which I check occasional for false positives. I can also add things like keywords (e.g., certain commercial domains) to the list of suspicious content patterns.
  This is hardly anything unusual. There are quite a lot of email packages out there that do a good job of fingering spam and malicious email. And there are a lot of people fighting the battle of keeping up with the bad guys and improving the ranking software.
  But there's one thing we can't (legally;-) do: We can't force people to use such software. If people want an iPhone, they get email software that's approved by Apple, and we have no power over Apple. No matter how good our anti-malware code is, Apple can nix it, and iPhone users won't have it.
  So don't say that we should take care of the problem. The people who should take care of it are the ones who decide what software will be delivered on the machines they sell to their customers. If they choose not to bother with the easily-available software that checks for spam, phishing, and other malware, there's not a thing we can do to force them to change their ways.
  Well, OK, we can publicize their failures. Like we've done here. Publicity isn't always successful, especially against corporations with billion-collar marketing budgets, but it's really the only tool we have. Just providing the software doesn't work; we have copious examples to support that claim. So publicity is our only real recourse.
  One of the problems with publicity is that the corporations routinely respond by saying that we should tell only them, and let them fix the problem. We also have copious evidence that this doesn't work. Even the most responsive corporations (which does include Apple and Google) will sit on unannounced exploits for months or years, until we announce the exploits to the world. So the only real solution is to not bother telling them about problems. Or rather, we should be looking for exploits, sending them the details of each exploit, and shortly thereafter, announcing each exploit in an appropriate public forum. Experience show that that's the only way we can get them to actually permit us to fix the problems.
  (I wonder if /. would be such a forum. We should watch and see if this discussion gets any response from the guilty parties. ;-)
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
3. Re:We created this problem by TaoPhoenix · 2011-01-04 06:29 · Score: 1
  
  When you have his info look him up on Facebook!
  
  --
  My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
4. Re:We created this problem by Anonymous Coward · 2011-01-04 07:03 · Score: 0
  
  You didn't read GP's entire post. He wasn't proposing a technical solution. He was proposing vigilante violence against perpetrators of phishing scams.
5. Re:We created this problem by Anonymous Coward · 2011-01-04 07:18 · Score: 0
  
  On the machine where my primary email address lives, the email software runs a program that does a pretty good job of testing each message for problems and giving a "spam" rank. I have my reader automatically file everything above a threshold in a "junk" folder, which I check occasional for false positives.
  But there's one thing we can't (legally;-) do: We can't force people to use such software. If people want an iPhone, they get email software that's approved by Apple, and we have no power over Apple. No matter how good our anti-malware code is, Apple can nix it, and iPhone users won't have it.
  I know this is gonna rock your POP3, client-side-rule world, but the smartphone set has already embraced server-side quarantines and IMAP.
  Imagine a spam quarantine that works like your setup, but doesn't depend on a single client machine doing all the work. Your mail, appropriately filtered, on any device you choose.
  Gonna rock your world, man.
6. Re:We created this problem by Opportunist · 2011-01-04 08:46 · Score: 1
  
  No. FUCKIN' NO!
  We created the web for US. No safety bars and no handrails. Why? 'cause we don't need them. We wanted something that "just works". And it did. For US. And for nobody else it was meant to be.
  If someone has to fix it, it's the people who want the tech illiterates to litter our web. I never wanted them to be here, and whether they are here or not is nothing I'd be interested in.
  Bluntly, it was a mistake to make the web "user friendly". A big mistake. Every roller coaster has a sign "you must be this tall to ride". We need a "you must be this intelligent to ride" entry bar.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
7. Re:We created this problem by jc42 · 2011-01-04 13:40 · Score: 1
  
  Well, yeah, I read that. But he also suggested why a vigilante approach might not work too well. In particular, the phishing part is more and more being run by the organized crime crowd, who in many places function much like the government: If you hurt their people, they simply kill you. So we might want to be careful about which spammers and phishers we approach with our torches, pitchforks and clubs.
  A much safer approach would be to spread the existing (open, free) software that helps spot email bearing malware and trashes it. That's a lot harder for the crime bosses to pin on specific anonymous victims, since the effect is to silently ignore the malware. They don't know you're in on it, so they won't send Vinnie and Joe around to take you out.
  
  --
  Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Not "Vulnerable" by eepok · 2011-01-04 05:39 · Score: 1

The term is not "vulnerable". Users are only vulnerable to real world things. Users are however, *gullible* and *susceptible" to phishing ploys. Especially iPhone users, apparently. *facepalm*
1. Re:Not "Vulnerable" by MichaelKristopeit350 · 2011-01-04 05:45 · Score: -1
  
  not "correct".
  vulnerability can apply to non-physical things such as partnerships and emotions. you're an idiot.
  did your mother name you "eepok"? why do you cower behind a chosen pseudonym? what are you afraid of?
  you're completely pathetic.
2. Re:Not "Vulnerable" by MichaelKrisotpeit360 · 2011-01-04 12:24 · Score: 1
  
  Did your mother name you "MichaelKristopeit360?" Why do you cower? You're an ignorant hypocrite. Now pay the price by submitting to my transgressions.
3. Re:Not "Vulnerable" by MichaelKristopeit331 · 2011-01-04 12:50 · Score: 0
  
  my name is michael kristopeit. i do not cower. you spend your days in a fantasy world you've chosen to create relative to me. you're completely pathetic.
  give an address for me to display the submission you desire, else your pea-brained demands could not possibly be met.
  present yourself to me; admit what you've done, then i'll bring upon you the ultimate punishment for your transgressions.
4. Re:Not "Vulnerable" by Anonymous Coward · 2011-01-05 02:54 · Score: 0
  
  1600 Pennsylvania Avenue NW, Washington, DC 20500
5. Re:Not "Vulnerable" by MichaelKristopeit341 · 2011-01-05 05:31 · Score: 0
  
  how will i know who you are?
  cower some more, feeb. attempt more lies.
  you're completely pathetic.
6. Re:Not "Vulnerable" by Anonymous Coward · 2011-01-05 05:49 · Score: 0
  
  how will i know who you are?
  you claimed this is a non-anonymous forum, so I'm sure you'll figure out some way. maybe I really am the president. maybe you just threatened me. maybe the secret service will be on your doorstep in a few minutes. I'm sure they will want to know what exactly is the "ultimate punishment" that you would bring upon the president if he transgressed you?
7. Re:Not "Vulnerable" by MichaelKristopeit343 · 2011-01-05 05:58 · Score: 0
  
  this is most certainly and obviously a non-anonymous forum relative to me.
  you can't even bring yourself to lie and claim you are the president. you simply cower around the issue as an ignorant hypocrite would. you are exactly what you've claimed to be: NOTHING.
  cower in my shadow some more, feeb.
  you're completely pathetic.
makes sense... by Anonymous Coward · 2011-01-04 05:44 · Score: 0

If someone can be suckered into paying the $$$ for a mobile internet device and suckered into the horrid price for the data plan and a locked in contract to subsidize the POS... that someone is a good candidate for being suckered on anything else.
many intervening variables by Anonymous Coward · 2011-01-04 05:44 · Score: 1

There seem to be a lot of intervening variables (between "gullible" and "mobile user") which are unaccounted for in TFA.
Most of those are also likely magnified when "mobile user" is further reduced to "iphone user".
This just in! by Anonymous Coward · 2011-01-04 06:01 · Score: 1

Mobile users have crummy email browsers that don't display full headers. Film at 11.
Sheesh.
1. Re:This just in! by clang_jangle · 2011-01-04 07:03 · Score: 1
  
  So much talk about headers in this discussion, but spoofing email headers is really not that hard. The real answer is don't click on links in email for anything that in any way involves the use of financial services of any description. I shop amazon (on a computer) all the time, and I don't even click on links in emails they send me. Why would I need to? Only takes a moment to login manually via https. And just because your carrier provides a "mobile banking" app doesn't mean they provide a secure enough network to safely use it! For those few cases where I need to buy something via smartphone I have one paypal account (not tied to a card or bank) just for that. If it gets compromised, the most I could lose is two or three hundred dollars.Don't kid yourself -- the internet is dangerous, and cell networks are potentially much more so.
  
  --
  Caveat Utilitor
Re: phishing by Anonymous Coward · 2011-01-04 07:18 · Score: 1

I see no reason to use mail headers. It's obscure and "nobody" (general public) will know how to read them.
If people had a semblance of intelligence, they would know that email is inherently untrusted. EVEN if you had a game account, bank account, etc. with the phished company in question, I would never click on any link inside the email. I would go directly to the site itself by typing into a browser. Any notices that go through the email can be easily navigated or noted through the site itself.
There's my defense, preventing me from ever getting phished. Simple and even a retarded phone users can do it.
But they won't, because they want their shinies immediately.
this FP for GNAA by Anonymous Coward · 2011-01-04 10:29 · Score: -1

the winD appeared never heeded
It doesn't matter if they know.. by Leon+Buijs · 2011-01-04 11:50 · Score: 1

You can't look at the email headers on an iPhone, the mail app has no option for it.
That'll be me then by naich · 2011-01-04 20:30 · Score: 1

If I have the time, I always visit a new phishing site and put in bank details. Not real ones, obviously. I'm hoping that maybe there is a slim chance that somewhere out there, I might have just annoyed a phisher.